Template Security has discovered a root privilege escalation
vulnerability in the BlueCat Networks Adonis DNS/DHCP appliance
that allows the admin user to gain root privileges from the
Command Line Interface (CLI).

Software Version

Adonis version 5.0.2.8 was tested.

Details

The admin account on the Adonis DNS/DHCP appliance provides
access to a CLI that allows an administrator to perform tasks
such as setting the IP address, netmask, system time and system
hostname. By entering a certain command sequence, the
administrator is able to execute a command as root.

Impact

Access to the admin account is equivalent to root access on the
appliance.